Page 1 of 1

Grsecurity API

PostPosted: Sat May 13, 2006 4:31 am
by alfatau
Hello, I would write a daemon to let an user (probably the server administrator) to get notifies and interactive choices about what to do on the system when PaX logs something dangerous.
For example, i would that user, when probably an attach is occuring, could choose to "ban" the attacher IP/Mac, or to kill the application, or to do nothing, or other.
To be able to catch PaX "signals" i would need some API, because i don't want to work on logs.
Any APIs (and/or documentation) for PaX auditing, also to understand what i could think to do, or is my project achievable?
Excuse me for my inaccurate language but i'm not a native speaker.

Thank you.

Re: Grsecurity API

PostPosted: Fri May 19, 2006 8:10 am
by PaX Team
alfatau wrote:Hello, I would write a daemon to let an user (probably the server administrator) to get notifies and interactive choices about what to do on the system when PaX logs something dangerous.
For example, i would that user, when probably an attach is occuring, could choose to "ban" the attacher IP/Mac, or to kill the application, or to do nothing, or other.
To be able to catch PaX "signals" i would need some API, because i don't want to work on logs.
Any APIs (and/or documentation) for PaX auditing, also to understand what i could think to do, or is my project achievable?
when PaX detects something it's already too late for reaction in userland, the process exhibiting badness is simply killed and you'd better not let anyone else make that decision ;-). this implies that you only get to work with the event logs. whether printk/syslog is the best way for you i can't tell, but feel free to add your own notification mechanism/hooks to the kernel where PaX reports something.